Data

On March 20, 2025, Mexico’s new Federal Law on the Protection of Personal Data held by Private Parties (FLPPDPP) published in the Official Gazette of the Federation. Effective March 21, the new law replaces the FLPPDPP published in July 2010.
Continue Reading Mexico’s New Personal Data Protection Law: Considerations for Businesses

Regulatory authorities globally are prioritizing data deletion rights, including legislation like California’s Delete Act and enforcement actions in Europe and Oregon. Businesses should consider enhancing their mechanisms for handling deletion requests to ensure compliance and build consumer trust.
Continue Reading Enforcement Update: Regulatory Attention Focused on Deletion Requests

  1. Full Steam Ahead: The European Union’s (EU) Artificial Intelligence (AI) Act in Action — As the EU’s landmark AI Act officially takes effect, 2025 will be a year of implementation challenges and enforcement. Companies deploying AI across the EU will likely navigate strict rules on data usage, transparency, and risk management, especially for high-risk AI

On Nov. 12, 2024, the Consumer Financial Protection Bureau (CFPB) released a report examining federal and state privacy protections for consumers’ financial data. In the report, the CFPB “critiques” the privacy protections available under the Gramm-Leach-Bliley Act (GLBA) and the Fair Credit Reporting Act (FCRA), asserting that the federal framework has “limitations.” The CFPB then

On Oct. 22, 2024, the CFPB issued a final rule that will require covered financial institutions to provide consumers and authorized third parties with access and portability options for their financial data. The CFPB’s final rule, called the “Personal Financial Data Rights Rule,” implements Section 1033 of Title X of the Dodd-Frank Act, a to-date

On Oct. 21, 2024, the OMB Office of Information and Regulatory Affairs (OIRA) concluded its regulatory review of the long-awaited Federal Acquisition Regulation Controlled Unclassified Information Rule (FAR CUI Rule), clearing the proposed rule’s path for publication in the Federal Register in 2024.

The FAR CUI Rule is being issued pursuant to Executive Order 13556

Greenberg Traurig Data Privacy & Cybersecurity Shareholders David ZetoonyReena Bajowala, and Liz Harding will present the webinar “Navigating the First-in-the-nation Artificial Intelligence Act” on June 26 from 2:30 – 3:30 p.m. ET. The laws surrounding artificial intelligence are evolving quickly. While federal and state governments continue to consider various statutory proposals, Colorado

Some 18 months on from the failed American Data Privacy and Protection Act (ADPPA), there is another proposed federal privacy law. House and Senate committee leads released a new proposal for the bipartisan American Privacy Records Act (APRA) on April 7. There is a lot of discussion around this bill, which is subject to change

Since the Securities and Exchange Commission’s Cybersecurity Incident Disclosure Rule (SEC Rule) took effect Dec. 18, 2023, about a dozen companies have filed a Form 8-K reporting a material cybersecurity incident. This GT Alert discusses the trends on how companies have made these disclosures thus far. In short, the companies who have filed an 8-K

On April 17, 2023, the Washington State Legislature passed the “My Health My Data Act” (WMHMDA or the Act), which took effect for most companies March 31, 2024. Unlike other modern state privacy laws that purport to regulate any collection of “personal data,” WMHMDA confers privacy protections only upon “consumer health data.” This